If a path with a control character exists in the HEAD revision, operations involving this path will fail over DAV, until the offending path has been removed with 'svn rm'.

This bug was initially being tracked as a security issue CVE-2018-1293. Per recommendation of the Apache Security team, this problem is now being treated as a non-security issue. The impact is a DoS which can only be triggered by an authenticated attacker, and is easily resolved with 'svn rm'.

Philip developed a test and a fix (working but incomplete) which is now being developed in public on the 'dav-path-escape' branch.